Merge "Add a configurable truststore for A1 adapter"

Former-commit-id: 6a9e13ac968d3210919c18714cd646621ac089ed

5 files changed, 38 insertions, 0 deletions

diff --git a/installation/sdnc/src/main/scripts/addA1TrustStore.sh b/installation/sdnc/src/main/scripts/addA1TrustStore.sh
new file mode 100755
index 00000000..4e3fcab6
--- /dev/null
+++ b/installation/sdnc/src/main/scripts/addA1TrustStore.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+###
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+SDNC_STORE_DIR=${SDNC_STORE_DIR:-/opt/onap/sdnc/data/stores}
+A1_TRUSTSTORE=${SDNC_STORE_DIR}/truststore.a1.adapter.jks
+ONAP_TRUSTSTORE=${SDNC_STORE_DIR}/truststoreONAPall.jks
+
+if [ -f ${A1_TRUST_STORE} ]
+then
+  keytool -importkeystore -srckeystore ${A1_TRUSTSTORE} -srcstorepass ${A1_TRUSTSTORE_PASSWORD} -destkeystore ${ONAP_TRUSTSTORE} -deststorepass changeit
+fi
diff --git a/installation/sdnc/src/main/scripts/startODL.oom.sh b/installation/sdnc/src/main/scripts/startODL.oom.sh
index 409e27c9..1ce4a1b0 100755
--- a/installation/sdnc/src/main/scripts/startODL.oom.sh
+++ b/installation/sdnc/src/main/scripts/startODL.oom.sh
@@ -355,6 +355,8 @@ if [ ! -f ${SDNC_HOME}/.installed ]
 then
     echo "Installing SDN-C keyStore"
     /bin/bash ${SDNC_HOME}/bin/addSdncKeyStore.sh
+    echo "Installing A1-adapter trustStore"
+    /bin/bash ${SDNC_HOME}/bin/addA1TrustStore.sh
 
     if $ENABLE_ODL_CLUSTER ; then enable_odl_cluster ; fi
 
diff --git a/installation/sdnc/src/main/scripts/startODL.sh b/installation/sdnc/src/main/scripts/startODL.sh
index 14ffe2a3..86d1e09c 100755
--- a/installation/sdnc/src/main/scripts/startODL.sh
+++ b/installation/sdnc/src/main/scripts/startODL.sh
@@ -152,6 +152,8 @@ then
 	${SDNC_HOME}/bin/installSdncDb.sh
 	echo "Installing SDN-C keyStore"
 	${SDNC_HOME}/bin/addSdncKeyStore.sh
+	echo "Installing A1-adapter trustStore"
+	${SDNC_HOME}/bin/addA1TrustStore.sh
 
 	#${CCSDK_HOME}/bin/installOdlHostKey.sh
 
diff --git a/installation/src/main/stores/truststore.a1.adapter.jks b/installation/src/main/stores/truststore.a1.adapter.jks
new file mode 100644
index 00000000..35eaceb8
--- /dev/null
+++ b/installation/src/main/stores/truststore.a1.adapter.jks
diff --git a/installation/src/main/yaml/docker-compose.yml b/installation/src/main/yaml/docker-compose.yml
index 773d0616..96f9bb32 100644
--- a/installation/src/main/yaml/docker-compose.yml
+++ b/installation/src/main/yaml/docker-compose.yml
@@ -63,6 +63,12 @@ services:
       - ODL_CERT_DIR=/tmp
       - ODL_ADMIN_USERNAME=admin
       - ODL_ADMIN_PASSWORD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+      - A1_TRUSTSTORE_PASSWORD=a1adapter
+    # The default truststore for A1 adapter can be overridden by mounting a new
+    # truststore (uncomment the lines below), whereas the corresponding password
+    # should be updated in A1_TRUSTSTORE_PASSWORD environment variable (in the line above)
+    #volumes:
+    #  - ./a1_truststore.jks:/opt/onap/sdnc/data/stores/truststore.a1.adapter.jks:ro
     dns:
       - ${DNS_IP_ADDR-10.0.100.1}
     logging: